© 2001, Cisco Systems, Inc. CSIDS 2.05-1 Chapter 5 Cisco Secure Intrusion Detection System Sensor Installation.


© 2001, Cisco Systems, Inc. CSIDS Chapter 5 Cisco Secure Intrusion Detection System Sensor Installation

Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
– Describe the most common Sensor deployment options.
– Define the terms device management and firewall sandwich.
– Describe the functional differences between the Command and Control interface and the Monitoring interface on the Sensor.

Objectives (cont.)
– Get management access on the Sensor.
– Bootstrap the Sensor.
– Add a Sensor in CSPM.
– Push the initial configuration files from CSPM to the Sensor.
– Describe how to check for errors when adding a Sensor in CSPM.

Deploying CSIDS

Basic Installation (diagram labels: Protected network, Untrusted network, Command and Control network, Monitoring interface, Out-of-band network)

Installation with Device Management (diagram labels: Protected network, Untrusted network, Command and Control network, Monitoring interface, Dedicated router interface)

Firewall Sandwich Installation (diagram labels: Protected network, Untrusted network, Command and Control network, Monitoring interface, Firewall)

Remote Sensor Installation (diagram labels: Remote network, Sensor, Director, Untrusted network, IPSec tunnel, Protected network)

Sensor Placement Considerations (diagram labels: Dial-up access, Partner network, Protected network, Payroll, Untrusted network, DNS server, Web server)

The Sensor Appliances

Sensor Front Panel (diagram labels: Power LED, Hard Drive LED, Power switch, Reset switch, Floppy disk drive, CD-ROM drive)

4230 Sensor Back Panel (diagram labels: Monitoring interface, Command and Control interface, Power supply switch, Keyboard, Console Port, Video monitor)

Sensor Front Panel (diagram label: Console port)

Sensor Back Panel (diagram labels: Video monitor, Keyboard, Command and Control interface, Monitoring interface, Console access)

Management Access
– Console Port (cable provided)
– Monitor and Keyboard
– Telnet

Login Accounts
root
– Operating system-level access
– Use only for:
    Bootstrapping (sysconfig-sensor)
    Solaris operating system-level commands (e.g., snoop)
netrangr
– CSIDS-level access
– Use for all other CSIDS commands

Sensor Bootstrap Configuration

sysconfig-sensor

IP Configuration
Option 1: IP Address
Option 2: IP Netmask
Option 3: IP Hostname
– UNIX hostname (independent of PostOffice)
Option 4: Default Route
– Enter a default route if access to or from the Sensor from or to another network is required

Network Access Control
Option 5: List of IP addresses allowed to telnet, ftp, or tftp to the Sensor
Examples
– (specific IP)
– 10. (anyone with IP starting with 10.)
10. is set by default and should be removed

Configuring Communication Parameters
Option 6

Creating Initial Configuration Files

Configuring the System Date, Time, and Timezone
Option 7

Changing Passwords
Option 8

Exiting sysconfig-sensor
Option x: Exiting sysconfig-sensor
– Options 1 through 5 require the Sensor to reboot. System prompts you to reboot when parameters change: enter y at the prompt
– Options 6 through 8 do not require the Sensor to reboot
– Director communications are ready
Proceed to add the Sensor to the Director and enable intrusion detection

Adding a Sensor in CSPM

Start the Add Sensor Wizard
– Select Add Sensor

Sensor Identification
– Enter Org ID
– Enter comments
– Enter Host ID
– Enter Sensor Name
– Enter Org Name
– Leave Cisco PostOffice in the field
– Enter IP Address
– Verify the Sensor's address
– For pre-configured Sensors

Default Gateway Address
– Enter Network Mask
– Enter IP address

Select Sensor Version and Signatures Template
– Choose the template
– Choose the version

Sensor Added in Network Topology
– Click Finish
– The Sensor is added

Add the CSPM Host to the Topology
– Right-click Network and choose New>Host.
– Click Yes to add the CSPM host itself to the topology.

Selecting the PDP
– Select the Sensor
– Select the Control tab
– Choose your host as PDP
– Click OK

Saving and Updating the Configuration
– Saves the configuration in CSPM
– Saves and updates the Sensor configuration files
– Check for errors

Pushing the Configuration Files to the Sensor
– Select the Sensor
– Select the Command tab
– Check for errors
– Click Approve Now

Check for Errors
– Select the Sensor
– Select the Command tab
– Check for errors
– Click Approve Now

Consistency Check
– Select Consistency Check
– Check for errors

Summary
– The most common Sensor installation and deployment options.
– Definition of the terms device management and firewall sandwich.
– The functional differences between the Command and Control interface and the Monitoring interface on the Sensor.
– You can gain access to a Sensor for management by connecting a keyboard and a monitor, attaching a console cable, or via the network.

Summary (cont.)
– The Sensor is bootstrapped using the sysconfig-sensor utility.
– The Add Sensor wizard is used to add a Sensor in CSPM.
– The Command Approval function of CSPM enables you to push the configuration files from CSPM to the Sensor.
– The Command Status and Command/Message windows display any errors when adding a Sensor in CSPM.

Lab
Sensor Installation

Lab Visual Objective (diagram labels: Pod P, Your Pod; Pod Q, Peer Pod; routers rP and rQ with interfaces e0/0 and e0/1; CSPM hosts; sensorP, idsmP, sensorQ, idsmQ; Pod P CSPM: Host ID = 3, Org ID = P, Host Name = director P, Org Name = pod P; Pod Q CSPM: Host ID = 3, Org ID = Q, Host Name = director Q, Org Name = pod Q)